CCNA Security Lab 14 - Cisco IOS SYSLOG and SNMP Configuration - CLI

Lab 14 

Cisco IOS Syslog and SNMP Configuration 
Lab Objective: 

The objective of this lab exercise is for you to learn and understand how to
configure Syslog and SNMP reporting on Cisco IOS routers.

Lab Purpose: 

Syslog and SNMP are tools that can be used to provide security-related
information, such as access breaches, configuration changes and high processor
utilization. As a CCNA Security administrator, you are expected to demonstrate
a solid understanding of basic Syslog and SNMP configuration on Cisco IOS
routers.

Lab Difficulty: 

This lab has a difficulty rating of 7/10. 

Readiness Assessment: 

When you are ready for your certification exam, you should complete this lab in 
no more than 15 minutes. 

Lab Topology: 

Please use any single switch to complete this lab: 



[Topology diagram: Host 1, 172.16.1.254/24]

Lab 14 Configuration Tasks 
Task 1: 

Configure the hostname on R1 and IP addressing as illustrated in the diagram. In 
addition, configure Host 1 with the IP address specified and a default gateway 
of 172.16.1.1. 

NOTE: 

If you do not have a host in your lab, you can simply substitute another router, with an Ethernet
interface and a default static route pointing to 172.16.1.1, for Host 1.


Task 2:

Configure the following Loopback interfaces on R1:

Interface      Address     Mask
Loopback 10    10.1.1.1    /24
Loopback 20    20.1.1.1    /28
Loopback 30    30.1.1.1    /20

Task 3: 

Configure an extended ACL on R1 that provides the most detailed logging on all traffic to the Loopback10,
Loopback20 and Loopback30 subnets. This ACL should deny all IP traffic to these subnets. Apply this ACL inbound on
the FastEthernet0/0 interface of R1.

Task 4:

Configure the local time on R1 as 20:00 GMT/UTC using today's date for the clock date.

Task 5:

Configure Syslog on R1 as follows:

Log all debugging messages to the local router buffer
Configure a buffer size of 10,000
Log all informational messages to SYSLOG server 172.16.1.254

In addition to this, configure the logs to show the date and time, as well as the time zone. Finally, configure R1
so that all logs include sequence numbers for easier identification.

Task 6:

Configure SNMP on R1 as follows:

Configure R1 to send all configuration traps to server 172.16.1.254
Configure R1 so that server 172.16.1.254 has read and write access to the router
Server 172.16.1.254 will use the SNMP Community string secret to manage R1

Task 7:

Clear your logs and verify your configuration by pinging from Host 1 to any of the Loopback interfaces on R1. There
should be entries that provide detailed information in the local router buffer. You can also Telnet from Host 1 to any
of the Loopback interfaces on R1.

Verify your SNMP configuration by entering/exiting configuration mode on R1. If you have configured this correctly,
you will see SNMP traps being sent by R1.


Lab 14 Configuration and Verification 
Task 1: 

Router(config)#hostname R1
R1(config)#interface f0/0
R1(config-if)#ip address 172.16.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#exit
R1#show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/0    172.16.1.1      YES NVRAM  up                    up
Serial0/0          unassigned      YES manual administratively down down


C:\>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 172.16.1.254
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 172.16.1.1

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected

C:\>ping 172.16.1.1

Pinging 172.16.1.1 with 32 bytes of data:

Reply from 172.16.1.1: bytes=32 time=5ms TTL=255
Reply from 172.16.1.1: bytes=32 time=1ms TTL=255
Reply from 172.16.1.1: bytes=32 time=1ms TTL=255
Reply from 172.16.1.1: bytes=32 time=1ms TTL=255

Ping statistics for 172.16.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 5ms, Average = 2ms

C:\>


Task 2: 

R1(config)#int lo 10
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#exit
R1(config)#int lo 20
R1(config-if)#ip address 20.1.1.1 255.255.255.240
R1(config-if)#exit
R1(config)#int lo 30
R1(config-if)#ip address 30.1.1.1 255.255.240.0
R1(config-if)#exit
R1(config)#exit
R1#
R1#
R1#show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/0    172.16.1.1      YES NVRAM  up                    up
Serial0/0          unassigned      YES manual administratively down down
Loopback10         10.1.1.1        YES manual up                    up
Loopback20         20.1.1.1        YES manual up                    up
Loopback30         30.1.1.1        YES manual up                    up

Task 3: 





To complete this Task, do not forget that there is an implicit deny all statement at the end of ACLs; therefore ensure
that you permit all other traffic once your deny statements are done.

R1(config)#ip access-list extended DETAILED-LOGGING
R1(config-ext-nacl)#deny ip any 10.1.1.0 0.0.0.255 log-input
R1(config-ext-nacl)#deny ip any 20.1.1.0 0.0.0.15 log-input
R1(config-ext-nacl)#deny ip any 30.1.1.0 0.0.15.255 log-input
R1(config-ext-nacl)#permit ip any any
R1(config-ext-nacl)#exit
R1(config)#int fast0/0
R1(config-if)#ip access-group DETAILED-LOGGING in
R1(config-if)#exit
R1(config)#exit
R1#
R1#show ip interface fast0/0
FastEthernet0/0 is up, line protocol is up
  Internet address is 172.16.1.1/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is DETAILED-LOGGING
  Proxy ARP is enabled
—[Truncated Output]—
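
The following Python example is added here and is not part of the original lab. It derives the network and wildcard mask for each Task 2 loopback subnet and evaluates the ACL top-down with the wildcard match, which shows why the 30.1.1.0 0.0.15.255 entry typed above covers the same range as the 30.1.0.0 0.0.15.255 entry in the running configuration at the end of this lab, and what the final permit changes. All function names are this example's own.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_entry(address, prefix_len):
    """Network and wildcard mask for the subnet that holds address/prefix_len."""
    net = ipaddress.ip_interface(f"{address}/{prefix_len}").network
    return str(net.network_address), str(net.hostmask)

def normalize(address, wildcard):
    """Clear the bits the wildcard ignores (the form the stored entry is shown in)."""
    return str(ipaddress.IPv4Address(to_int(address) & ~to_int(wildcard) & 0xFFFFFFFF))

def matches(dest, address, wildcard):
    """Wildcard match: only bits where the wildcard is 0 are compared."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(dest) & care) == (to_int(address) & care)

# Destination side of DETAILED-LOGGING as typed in Task 3
# ("any" written out as 0.0.0.0 255.255.255.255).
DETAILED_LOGGING = [
    ("deny", "10.1.1.0", "0.0.0.255"),
    ("deny", "20.1.1.0", "0.0.0.15"),
    ("deny", "30.1.1.0", "0.0.15.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),
]

def first_match(acl, dest):
    """Top-down evaluation; no match falls through to the implicit deny."""
    for action, address, wildcard in acl:
        if matches(dest, address, wildcard):
            return action
    return "deny"

if __name__ == "__main__":
    for addr, plen in [("10.1.1.1", 24), ("20.1.1.1", 28), ("30.1.1.1", 20)]:
        print("deny ip any %s %s log-input" % acl_entry(addr, plen))
    for dest in ["20.1.1.1", "20.1.1.16", "30.1.15.254", "30.1.16.1", "172.16.1.1"]:
        print(dest, first_match(DETAILED_LOGGING, dest))
    # Same lookup with the final permit removed: the implicit deny applies.
    print("172.16.1.1", first_match(DETAILED_LOGGING[:3], "172.16.1.1"))
```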

Task 4: 

R1(config)#clock timezone UTC -0
R1(config)#exit
R1#clock set 20:00:00 28 July 2009
R1#
R1#show clock
20:00:03.545 UTC Tue Jul 28 2009

Task 5: 

R1(config)#logging on
R1(config)#logging buffered debugging
R1(config)#logging buffered 10000
R1(config)#logging trap informational
R1(config)#logging host 172.16.1.254
R1(config)#service timestamps log datetime show-timezone
R1(config)#service sequence-numbers
R1(config)#exit
R1#
R1#show logging
Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

    Console logging: disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 3 messages logged, xml disabled,
                     filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
    Persistent logging: disabled
    Trap logging: level informational, 38 message lines logged
        Logging to 172.16.1.254 (udp port 514, audit disabled,
              authentication disabled, encryption disabled, link up),
              3 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled

Log Buffer (10000 bytes):

000035: Jul 28 20:03:17 UTC: %SYS-5-CONFIG_I: Configured from console by console
000036: Jul 28 20:13:17 UTC: %SYS-5-CONFIG_I: Configured from console by console
000037: Jul 28 20:14:07 UTC: %SYS-5-CONFIG_I: Configured from console by console

Task 6: 

R1(config)#access-list 5 permit host 172.16.1.254
R1(config)#snmp-server community secret RW 5
R1(config)#snmp-server host 172.16.1.254 traps secret config
R1(config)#snmp-server enable traps config
R1(config)#exit
R1#
R1#
R1#show snmp
Chassis: FTX0915A2V4
0 SNMP packets input
    0 Bad SNMP version errors
    0 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    0 Number of requested variables
    0 Number of altered variables
    0 Get-request PDUs
    0 Get-next PDUs
    0 Set-request PDUs
    0 Input queue packet drops (Maximum queue size 1000)
2 SNMP packets output
    0 Too big errors (Maximum packet size 1500)
    0 No such name errors
    0 Bad values errors
    0 General errors
    0 Response PDUs
    2 Trap PDUs

SNMP logging: enabled
    Logging to 172.16.1.254.162, 2/10, 0 sent, 0 dropped.

Task 7: 

R1#clear log
Clear logging buffer [confirm]
R1#
R1#show logging
Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

    Console logging: level debugging, 1 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 7 messages logged, xml disabled,
                     filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
    Persistent logging: disabled
    Trap logging: level informational, 42 message lines logged
        Logging to 172.16.1.254 (udp port 514, audit disabled,
              authentication disabled, encryption disabled, link up),
              7 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled

Log Buffer (10000 bytes):

R1#

Now, perform a ping from Host 1 to any Loopback interface on R1 and verify the logs:

R1#show logging
Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

    Console logging: level debugging, 126 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 132 messages logged, xml disabled,
                     filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
    Persistent logging: disabled
    Trap logging: level informational, 44 message lines logged
        Logging to 172.16.1.254 (udp port 514, audit disabled,
              authentication disabled, encryption disabled, link up),
              9 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled

Log Buffer (10000 bytes):

000116: Jul 28 20:30:40 UTC: %SEC-6-IPACCESSLOGDP: list DETAILED-LOGGING denied icmp
172.16.1.254 (FastEthernet0/0 001d.09d4.0238) -> 20.1.1.1 (0/0), 1 packet
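
The following Python example is added here and is not part of the original lab. It parses log lines in the format configured in Task 5 (sequence number, date and time, time zone) and totals denied packets per source IP, source MAC, ingress interface and destination, the last two source details being what log-input adds to the entry. Sample lines 000116 and 000122 are taken from the lab output; lines 000117 and 000118 and all function names are constructed for the example.

```python
import re
from collections import Counter

# Header set by "service sequence-numbers" and
# "service timestamps log datetime show-timezone".
HEADER = re.compile(
    r"^(?P<seq>\d+): (?P<ts>\w{3} +\d+ [\d:.]+)(?: (?P<tz>[A-Z]+))?: "
    r"%(?P<facility>\w+)-(?P<severity>\d)-(?P<mnemonic>\w+): (?P<text>.*)$")
# ACL hit logged with "log-input": ingress interface and source MAC are present.
ACL_HIT = re.compile(
    r"list (?P<acl>\S+) (?P<action>denied|permitted) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? \((?P<intf>\S+) (?P<mac>[0-9a-f.]+)\)"
    r" -> (?P<dst>[\d.]+) ?(?:\((?P<dinfo>[\d/]+)\))?, (?P<packets>\d+) packets?")

# 000116 and 000122 appear in the lab output; 000117 and 000118 are constructed.
SAMPLE_LOG = """\
000116: Jul 28 20:30:40 UTC: %SEC-6-IPACCESSLOGDP: list DETAILED-LOGGING denied icmp 172.16.1.254 (FastEthernet0/0 001d.09d4.0238) -> 20.1.1.1 (0/0), 1 packet
000117: Jul 28 20:31:05 UTC: %SEC-6-IPACCESSLOGP: list DETAILED-LOGGING denied tcp 172.16.1.254(0) (FastEthernet0/0 001d.09d4.0238) -> 10.1.1.1(0), 1 packet
000118: Jul 28 20:32:40 UTC: %SEC-6-IPACCESSLOGDP: list DETAILED-LOGGING denied icmp 172.16.1.254 (FastEthernet0/0 001d.09d4.0238) -> 20.1.1.1 (0/0), 3 packets
000122: Jul 28 20:33:31 UTC: %SYS-5-CONFIG_I: Configured from console by console
"""

def parse_line(line):
    """Header fields as a dict, plus ACL fields when the text is an ACL hit."""
    m = HEADER.match(line.strip())
    if not m:
        return None  # e.g. debug output, which carries no %FACILITY-SEV-MNEMONIC tag
    rec = m.groupdict()
    rec["seq"], rec["severity"] = int(rec["seq"]), int(rec["severity"])
    hit = ACL_HIT.match(rec["text"])
    if hit:
        rec.update(hit.groupdict())
        rec["packets"] = int(rec["packets"])
    return rec

def denied_summary(log_text):
    """Denied packet totals keyed by (source IP, source MAC, interface, destination)."""
    totals = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec.get("action") == "denied":
            key = (rec["src"], rec["mac"], rec["intf"], rec["dst"])
            totals[key] += rec["packets"]
    return totals

if __name__ == "__main__":
    for key, packets in denied_summary(SAMPLE_LOG).most_common():
        print(packets, key)
```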

To validate SNMP, use the debug snmp packets command and then access configuration mode. You will see SNMP
traps being sent by R1 to the SNMP server 172.16.1.254.

R1#debug snmp packets
SNMP packet debugging is on
R1#
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
R1(config)#
000119: Jul 28 20:33:22.727: SNMP: Queuing packet to 172.16.1.254
000120: Jul 28 20:33:22.727: SNMP: V1 Trap, ent ciscoConfigManMIB.2, addr 172.16.1.1, gentrap 6, spectrap 1
 ccmHistoryEventEntry.3.32 = 1
 ccmHistoryEventEntry.4.32 = 2
 ccmHistoryEventEntry.5.32 = 3
000121: Jul 28 20:33:22.979: SNMP: Packet sent via UDP to 172.16.1.254
R1(config)#exit
R1#
R1#conf
000122: Jul 28 20:33:31 UTC: %SYS-5-CONFIG_I: Configured from console by console
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
000123: Jul 28 20:33:39.975: SNMP: Queuing packet to 172.16.1.254
000124: Jul 28 20:33:39.975: SNMP: V1 Trap, ent ciscoConfigManMIB.2, addr 172.16.1.1, gentrap 6, spectrap 1
 ccmHistoryEventEntry.3.33 = 1
 ccmHistoryEventEntry.4.33 = 2
 ccmHistoryEventEntry.5.33 = 3
000125: Jul 28 20:33:40.227: SNMP: Packet sent via UDP to 172.16.1.254
R1(config)#exit
R1#
000126: Jul 28 20:33:44 UTC: %SYS-5-CONFIG_I: Configured from console by console
R1#undebug all
All possible debugging has been turned off


Lab 14 Configurations 
R1 Configuration

R1#show running-config
Building configuration...

Current configuration : 1458 bytes
!
! Last configuration change at 20:33:44 UTC Tue Jul 28 2009
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime show-timezone
no service password-encryption
service sequence-numbers
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no logging message-counter syslog
logging buffered 10000
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
!
interface Loopback10
 ip address 10.1.1.1 255.255.255.0
!
interface Loopback20
 ip address 20.1.1.1 255.255.255.240
!
interface Loopback30
 ip address 30.1.1.1 255.255.240.0
!
interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
 ip access-group DETAILED-LOGGING in
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
!
ip forward-protocol nd
!
!
ip http server
ip http secure-server
!
ip access-list extended DETAILED-LOGGING
 deny ip any 10.1.1.0 0.0.0.255 log-input
 deny ip any 20.1.1.0 0.0.0.15 log-input
 deny ip any 30.1.0.0 0.0.15.255 log-input
 permit ip any any
!
logging 172.16.1.254
access-list 5 permit 172.16.1.254
snmp-server community secret RW 5
snmp-server enable traps config
snmp-server enable traps cpu threshold
snmp-server host 172.16.1.254 secret config
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 password cisco
 login


